

Filetype: PDF | File size: 0.13 MB | Source: resources.finalsite.net



Posted on 10 Feb 2023
Partial capture of text on file.
                   DATA PRIVACY PLAN AND 
                  PARENTS’ BILL OF RIGHTS FOR  
                  DATA SECURITY AND PRIVACY 
                           
      Pursuant to Section 2-d of the Education Law, agreements entered between the District and a 
      third-party contractor which require the disclosure of student data and/or teacher or principal 
      data that contains personally identifiable information (“PII”) to the contractor, must include a 
      data security and privacy plan and must ensure that all contracts with third-party contractors 
      incorporate the District’s Parents’ Bill of Rights for Data Security and Privacy. 
       
      As such, [COMPANY NAME] agrees that the following terms shall be incorporated into the 
      contract for services (“the Contract”) and it shall adhere to the following: 
       
        1.  The Contractor’s storage, use and transmission of student and teacher/principal PII shall 
         be consistent with the District’s Data Security and Privacy Policy available here: 
         [INSERT WEB ADDRESS OF POLICY]  
          
        2.  Contractor shall not sell personally identifiable information nor use or disclose it for any 
         marketing or commercial purpose or permit another party to do so. 
          
        3.  The exclusive purposes for which the student data or teacher or principal data will be 
         used under the contract are set forth in Paragraph 2(a) of the Contract only for the term of 
         the Contract as set forth in Paragraph 10(a). 
          
        4.  The Contractor shall maintain the following administrative, operational and technical 
         safeguards and practices in place to protect PII, which shall align with the NIST 
         Cybersecurity Framework, including: 
          
           a.  PII data will be protected using encryption while in motion and at rest by 
            [ENTER HOW]. 
          
           b.  PII will be stored in a manner as to protect its security and to mitigate any 
            potential security risks. Specifically, all student data and/or teacher or principal 
            data will be stored by [ENTER HOW STORED]. The security of this data will be 
            ensured by [ENTER SECURITY SAFEGUARDS].   
          
           c.  Physical access to PII by individuals or entities described in paragraph 3 above 
            shall be controlled as follows: [DESCRIBE] 
          
        5.  The Contractor shall ensure that no PII is disclosed to employees, subcontractors, or other 
         persons or entities unless they have a legitimate educational interest and only for 
         purposes necessary to provide services under the Contract.   
          
           a.  By initialing here _________ Contractor represents that it will not utilize any 
            subcontractors or outside entities to provide services under the Contract and shall 
            not disclose any PII other than as required pursuant to paragraph 6 below. 
             
           b.  [IF SUBCONTRACTORS ARE USED DESCRIBE HOW CONTRACTOR 
            WILL “MANAGE RELATIONSHIPS”]  
          
        6.  Contractor shall ensure that all employees, subcontractors, or other persons or entities 
         who have access to PII will abide by all applicable data protection and security 
         requirements, including, but not limited to those outlined in applicable laws and 
         regulations (e.g., FERPA, Education Law Section 2-d).  Contractor shall provide training 
         to any employees, subcontractors, or other persons or entities to whom it discloses PII as 
         follows: [DESCRIBE] 
             
        7.  Contractor shall not disclose PII to any other party other than those set forth in paragraph 
         4 above without prior written parental consent or unless required by law or court order.  
         If disclosure of PII is required by law or court order, the Contractor shall notify the New 
         York State Education Department and the District no later than the time the PII is 
         disclosed unless such notice is expressly prohibited by law or the court order. 
          
        8.  Upon expiration of the contract, the PII will be returned to the District and/or destroyed.  
         Specifically, [ENTER TRANSFER AND/OR DESTRUCTION INFORMATION (i.e., 
         whether, when and in what format the data will be returned to the district, and/or whether, 
         when and how the data will be destroyed)] 
          
        9.  The parent, student, eligible student, teacher, or principal may challenge the accuracy of 
         the student data or teacher or principal data collected in accordance with the procedures 
         set forth in the FERPA regulations at 99 C.F.R. Part 34, Subpart C, §§99.20-99.22. 
          
        10. The Contractor shall take the following steps to identify breaches or unauthorized 
         releases of PII and to notify the District upon learning of an unauthorized release of PII. 
         [DESCRIBE – below are minimum requirements] 
          
           a.  Provide prompt notification to the District no later than seven (7) calendar days 
            from date of discovery of a breach or unauthorized release of PII.  Contractor 
            shall provide notification to the District’s data privacy officer by phone and by 
            email.   
             
           b.  Contractor shall cooperate with the District and law enforcement to protect the 
            integrity of the investigation of any breach or unauthorized release of PII. 
       
           c.  Where a breach or unauthorized release is attributed to the Contractor, the 
            Contractor shall pay for or promptly reimburse the District for the full cost of 
            such notification. 
          
        11. A complete list of all student data elements collected by the State is available for public 
         review at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentData.xlsx, or 
         parents may obtain a copy of this list by writing to the Office of Information & Reporting 
         Services, New York State Education Department, Room 863 EBA, 89 Washington 
         Avenue, Albany, NY 12234. 
          
        12. Parents have the right to file complaints with the District about possible privacy breaches 
         of student data by the District’s third-party contractors or their employees, officers, or 
         assignees, or with NYSED. Complaints to NYSED should be directed in writing to the 
         Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, 
         Albany NY  12234, email to CPO@mail.nysed.gov. 
       
       
      The District shall publish this contract addendum on its website. 
       
       
       
      ______________________________ 
      Vendor/Contractor Signature 
       
       
      ______________________________ 
      Vendor/Contractor Name (Print) 
       
       
      ______________________________ 
      Company Name (Print) 
       